Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack - Related to is, using, minutes, menace, $1.5

AI-Powered Deception is a Menace to Our Societies

Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More not long ago, see how different newspapers analysis on wars, where it’s expressed, ‘The first casualty is the truth.’.

While these forms of communication could shape people’s beliefs, they also carry limitations around scalability. Any messaging and propaganda would often lose its power after traveling a certain distance. Of course, with social media and the online world there are few physical limits on reach, apart from where someone’s internet connection drops. Add in the rise of AI, and there’s also nothing to stop the scalability either.

This article explores what this means for societies and organizations facing AI-powered information manipulation and deception.

, around one-in-five Americans get their news from social media. In Europe, there’s been an 11% rise in people using social media platforms to access news. AI algorithms are at the heart of this behavioral shift. However, they aren’t compelled to present both sides of a story, in the way that journalists are trained to, and that media regulators require. With fewer restrictions, social media platforms can focus on serving up content that their consumers like, want, and react to.

This focus on maintaining eyeballs can lead to a digital echo chamber, and potentially polarized viewpoints. For example, people can block opinions they disagree with, while the algorithm automatically adjusts user feeds, even monitoring scrolling speed, to boost consumption. If consumers only see content that they agree with, they’re reaching a consensus with what AI is showing them, but not the wider world.

What’s more, more of that content is now being generated synthetically using AI tools. This includes over 1,150 unreliable AI-generated news websites in the recent past identified by NewsGuard, a firm specializing in information reliability. With few limitations to AI’s output capability, long-standing political processes are feeling the impact.

It’s fair to say that we humans are unpredictable. Our multiple biases and countless contradictions play out in each of our brains constantly. Where billions of neurons make new connections that shape realities and in turn, our opinions. When malicious actors add AI to this potent mix, this leads to events such as:

Deepfake videos spreading during the US election: AI tools allow cybercriminals to create fake footage, featuring people moving and talking, using just text prompts. The high levels of ease and speed mean no technical expertise is needed to create realistic AI-powered footage. This democratization threatens democratic processes, as shown in the run-up to the recent US election. Microsoft highlighted activity from China and Russia, where ‘threat actors were observed integrating generative AI into their US election influence efforts.’.

AI tools allow cybercriminals to create fake footage, featuring people moving and talking, using just text prompts. The high levels of ease and speed mean no technical expertise is needed to create realistic AI-powered footage. This democratization threatens democratic processes, as shown in the run-up to the recent US election. Microsoft highlighted activity from China and Russia, where ‘threat actors were observed integrating generative AI into their US election influence efforts.’ Voice cloning and what political figures say: Attackers can now use AI to copy anyone’s voice, simply by processing a few seconds of their speech. That’s what happened to a Slovakian politician in 2023. A fake audio recording spread online, supposedly featuring Michal Simecka discussing with a journalist how to fix an upcoming election. While the discussion was soon found to be fake, this all happened just a few days before polling began. Some voters may have cast their vote while believing the AI video was genuine.

Attackers can now use AI to copy anyone’s voice, simply by processing a few seconds of their speech. That’s what happened to a Slovakian politician in 2023. A fake audio recording spread online, supposedly featuring Michal Simecka discussing with a journalist how to fix an upcoming election. While the discussion was soon found to be fake, this all happened just a few days before polling began. Some voters may have cast their vote while believing the AI video was genuine. LLMs faking public sentiment: Adversaries can now communicate as many languages as their chosen LLM, and at any scale too. Back in 2020, an early LLM, GPT-3, was trained to write thousands of emails to US state legislators. These advocated a mix of issues from the left and right of the political spectrum. About 35,000 emails were sent, a mix of human-written and AI-written. Legislator response rates ‘were statistically indistinguishable’ on three issues raised.

It’s still possible to identify many AI-powered deceptions. Whether that’s from a glitchy frame in a video, or a mispronounced word in a speech. However, as technology progresses, it’s going to become harder, even impossible to separate fact from fiction.

Fact-checkers may be able to attach follow-ups to fake social media posts. Websites such as Snopes can continue debunking conspiracy theories. However, there’s no way to make sure these get seen by everyone who saw the original posts. It’s also pretty much impossible to find the original source of fake material, due to the number of distribution channels available.

Seeing (or hearing) is believing. I’ll believe it when I see it. Show me, don’t tell me. All these phrases are based on human’s evolutionary understanding of the world. Namely, that we choose to trust our eyes and ears.

These senses have evolved over hundreds, even millions of years. Whereas ChatGPT was released publicly in November 2022. Our brains can’t adapt at the speed of AI, so if people can no longer trust what’s in front of them, it’s time to educate everyone’s eyes, ears, and minds.

Otherwise, this leaves organizations wide open to attack. After all, work is often where people spend most time at a computer. This means equipping workforces with awareness, knowledge, and skepticism when faced with content engineered to generate action. Whether that contains political messaging at election time, or asking an employee to bypass procedures and make a payment to an unverified bank account.

It means making societies aware of the many ways malicious actors play on natural biases, emotions, and instincts to believe what someone is saying. These play out in multiple social engineering attacks, including phishing (‘the number one internet crime type’ ).

And it means supporting individuals to know when to pause, reflect, and challenge what they see online. One way is to simulate an AI-powered attack, so they gain first-hand experience of how it feels and what to look out for. Humans shape society, they just need help to defend themselves, organizations, and communities against AI-powered deception.

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the [website] Cybersecurity and Infrastructure Security......

Mit verschlüsselten Daten zu arbeiten, ohne sie entschlüsseln zu müssen, klingt unmöglich. Und doch bietet die homomorphe Verschlüsselung genau diese ......

Cryptocurrency exchange Bybit on Friday revealed that a.

Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective consumers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.

The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customizable phishing campaigns," Netcraft mentioned in a new analysis.

The cybersecurity organization noted it has detected and blocked more than 95,000 new Darcula phishing domains, nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites since it was first exposed in late March 2024.

The biggest change incorporated into Darcula is the ability for any user to generate a phishing kit for any brand in an on-demand fashion.

"Now, you can also customize the front-end yourself. Using darcula-suite, you can complete the production of a front-end in 10 minutes."

To do this, all a customer has to do is provide the URL of the brand to be impersonated in a web interface, with the platform employing a browser automation tool like Puppeteer to export the HTML and all required assets.

customers can then select the HTML element to replace and inject the phishing content ([website], payment forms and login fields) such that it matches the look and feel of the branded landing page. The generated phishing page is then uploaded to an admin panel.

"Like any Software-as-a-Service product, the darcula-suite PhaaS platform provides admin dashboards that make it simple for fraudsters to manage their various campaigns," security researcher Harry Freeborough stated.

"Once generated, these kits are uploaded to another platform where criminals can manage their active campaigns, find extracted data, and monitor their deployed phishing campaigns."

Besides featuring dashboards that highlight the aggregated performance statistics of the phishing campaigns, Darcula v3 goes a step further by offering a way to convert the stolen credit card details into a virtual image of the victim's card that can be scanned and added to a digital wallet for illicit purposes. Specifically, the cards are loaded onto burner phones and sold to other criminals.

The tool is noted to be currently in the internal testing stage. In a follow-up post dated February 10, 2025, the malware author posted the message: "I have been busy these days, so the v3 modification will be postponed for a few days."

Die Verschlüsselung mit DES gilt seit Langem, bereits länger als zwei Dekaden, als unsicher. Nun macht Microsoft Nägel mit Köpfen: Die DES-Verschlüsse......

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for......

Angreifer können Sicherheitsbeschränkungen von IBMs Middleware für die Transaktionsverarbeitung umgehen und so PCs attackieren. Dagegen stehen gerüste......

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $[website] billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history.

"The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit presented in a post on X.

"As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address."

In a separate statement , Bybit's CEO Ben Zhou emphasized that all other cold wallets are secure. The organization further mentioned it has reported the case to the appropriate authorities.

While there is no official confirmation from Bybit yet, Elliptic and Arkham Intelligence confirmed that the digital theft is the work of the infamous Lazarus Group. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).

Independent researcher ZachXBT mentioned they "connected the Bybit hack on-chain to the Phemex hack," the latter of which took place late last month.

The North Korea-based threat actor is one of the most prolific hacking groups, orchestrating dozens of cryptocurrency heists to generate illicit revenue for the sanctions-hit nation. Last year, Google described North Korea as "arguably the world's leading cyber criminal enterprise."

In 2024, it's estimated to have stolen $[website] billion across 47 cryptocurrency hacks, accounting for 61% of all ill-gotten crypto during the time period, .

"Cryptocurrency heists are on the rise due to the lucrative nature of their rewards, the challenges associated with attribution to malicious actors, and the opportunities presented by nascent familiarity with cryptocurrency and Web3 technologies among many organizations," Google-owned Mandiant noted last month.

In a standalone revision, Bybit noted it detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a planned routine transfer process on February 21, 2025, at around 12:30 [website] UTC.

"The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet," it expressed in a statement.

"Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $[website] billion were transferred to an unidentified address."

TRM Labs has also attributed the hack with high confidence to the Lazarus Group, based on "substantial overlaps observed between addresses controlled by the Bybit hackers and those linked to prior North Korean thefts" such as Phemex, BingX, and Poloniex.

"The recent incident with Bybit marks a new phase in attack methods, featuring advanced techniques for manipulating user interfaces," Check Point Research noted. "Instead of just exploiting protocol mechanics, the attackers employed advanced social engineering through manipulated interfaces, allowing them to compromise a significant institutional multisig setup."

The cybersecurity corporation also pointed out that the attack highlights a scenario where threat actors are manipulating legitimate transactions through the Gnosis Safe Protocol's execTransaction function, stating "multisig cold wallets are not secure if signers can be deceived or compromised, emphasizing the growing sophistication of supply chain and user interface manipulation attacks."

In a detailed analysis , Elliptic noted that the Lazarus Group's laundering process follows a characteristic pattern, which involves exchanging stolen tokens for a native blockchain asset like Ether to avoid attempts to freeze the digital assets.

"This is exactly what happened in the minutes following the Bybit theft, with hundreds of millions of dollars in stolen tokens such as stETH and cmETH exchanged for Ether," the firm stated, adding the funds were layered to cover up the transaction trail by routing them to 50 different wallets within two hours of the theft, and then shifting them through crypto exchanges like eXch to convert them into bitcoin.

"North Korea's Lazarus Group is the most sophisticated and well-resourced launderer of cryptoassets in existence, continually adapting its techniques to evade identification and seizure of stolen assets," Elliptic stated.

Elliptic further called out cryptocurrency exchange eXch for allowing North Korean threat actors to launder the ill-gotten proceeds by allowing its customers to swap crypto assets anonymously. It's assessed that stolen cryptocurrency from Bybit worth over $75 million have been exchanged using eXch, converting the digital funds into bitcoin.

However, eXch has denied laundering funds stolen from Bybit, stating it is "NOT laundering money for Lazarus/DPRK" and that "insignificant part of funds that was processed by us from the ByBit hack in an isolated case will be donated to various open-source initiatives dedicated to privacy and security both inside and outside crypto space."

"They certainly are laundering the funds stolen by DPRK from Bybit – it's visible on the blockchain," Dr. Tom Robinson, co-founder and chief scientist at Elliptic, told The Hacker News.

"Over $75 million of the stolen funds have been laundered through eXch so far. They are trying to conceal it and the total figure may be more than this. And this isn't the first time – cryptoassets from multiple previous DPRK-attributed hacks have been sent through eXch."

(The story was updated after publication to include additional information and revise the total amount of cryptocurrency stolen in the incident.).

Die kriminelle Online-Bande Cl0p ist für das Kopieren von Daten von Unternehmen und die darauf folgende Erpressung mit der Datenveröffentlichung bekan......

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's con......

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks......